openssh-5.1p1 client and server package

Configuration wizards, scanners, remote desktop, etc.
Post Reply
Message
Author
Sven
Posts: 3
Joined: Wed 23 Jul 2008, 17:25

openssh-5.1p1 client and server package

#1 Post by Sven »

Hello,

enclosed are two openssh packages. The client (including ssh-agent _AND_ ssh-add) and the server packages.

The server depends on the installed client.

openssh-server will create RSA1, (for protocol1) RSA and DSA host-keys if needed and starts the sshd directly via the control-script /etc/rc.d/rc.sshd. There is also a symbolic link from /etc/init.d to start sshd after bootup.

compiled on nop-400 with devx_400.sfs. Should work on dingo.

Deinstallation will leave /etc/ssh/ssh_host.* keyfiles, cause the hostkey never changes.

Feedback would be appreciated. Works for me.

regards Sven

damianmora
Posts: 1
Joined: Fri 09 Jan 2009, 16:32

Works

#2 Post by damianmora »

sshd works fine.

leifove
Posts: 6
Joined: Fri 03 Apr 2009, 12:57

Works on 4.2 as well :-)

#3 Post by leifove »

I clicked on the download link for the client and installed using petget. Then I clicked on the download link for the server and intalled using petget. Finally, I opened a console window and ran:

/etc/rc.d/rc.sshd start

That's all it took to install and run a SSH deamon on my Puppy 4.2 :-)

Now I access my Puppy remotely from my Debian laptop, simply by opening a console window in Debian and typing

ssh puppypc

Thanks for your good work, Sven !

bianchi
Posts: 23
Joined: Fri 26 Mar 2010, 04:56

using ssh via script without password?

#4 Post by bianchi »

Anyone know how to :
using ssh via script without password?

I want to restart my thin client remotely using ssh

Tx

Master_wrong
Posts: 452
Joined: Thu 20 Mar 2008, 01:48

#5 Post by Master_wrong »

Cluster-Pup v.2-Puppy Beowulf Cluster
[url]http://www.murga-linux.com/puppy/viewtopic.php?p=499199#499199[/url]

User avatar
Amgine
Posts: 231
Joined: Thu 22 Sep 2011, 01:27
Location: Washington State

#6 Post by Amgine »

Is there anything up to date yet?

saurom1205
Posts: 2
Joined: Thu 21 Mar 2013, 03:23

thank you

#7 Post by saurom1205 »

thank you so much. it's verry good

Endre
Posts: 3
Joined: Mon 16 Sep 2013, 20:35

X11 forwarding doesn't work

#8 Post by Endre »

Thanks Sven, I've just installed the sshd server and it works dandy in Precise 5.7.1, with one exception. X11 forwarding (using graphical applications over SSH) doesn't work out of the box even though all relevant options are correctly set.

I had installed xauth 1.0.6-1 from the Ubuntu Precise repositories, but sshd still complained about missing xauth. Inspired by this lifesaving post, I looked into sshd:

Code: Select all

# strings /usr/sbin/sshd|grep xauth
/usr/X11R7/bin/xauth
xauthlocation
maxauthtries
No xauth program; cannot forward with spoofing.
Apparently sshd expects xauth in /usr/X11R7/bin/. As suggested in the post, I symlinked the existing /usr/bin/xauth to /usr/X11R7/bin/xauth:

Code: Select all

ln -s /usr/bin/xauth /usr/X11R7/bin/xauth 
Lo and behold, X11 forwarding now works just great.

Endre
Posts: 3
Joined: Mon 16 Sep 2013, 20:35

ssh5.9_p1 from Ubuntu Precise Main works too

#9 Post by Endre »

In a second attempt and after some tweaking, I seem to have succeeded in getting the sshd server from the Ubuntu repositories up and running.
  1. Install the ssh_5.9p1 metapackage from the Ubuntu Precise Main repository. openssh-server_5.9p1 which is a part of the above metapackage might be sufficient too.
  2. Proceed as described here to get rid of the Privilege separation user sshd does not exist error.
  3. Comment out UsePAM yes in /etc/sshd.config (or else get the PAM configuration right, I didn't bother trying for now).
  4. If you want the server daemon to run on startup, comment out 3 lines below # The init.d script is only for chroots in /etc/init.d/ssh.
  5. Enjoy.
Disclaimer: The above are just quick hacks by a Linux beginner. There might be better ways of going about it (if you know of one, let me know).

User avatar
sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

SSH key pairs and faster SSH login

#10 Post by sc0ttman »

Just thought this might be useful:

SSH lets you login to other people computers (remote server) from your own (local client) PC, if you and they are running SSH. You login as one of the users on the remote system, giving the username and remote URL in the ssh command:

Code: Select all

ssh user@domain.com
SSH will ask you for the password of the user on that system, when you attempt to login.

However, SSH has its own, better way of authenticating your login - called 'SSH key pairs' or 'SSH keys'.

They're better than just giving the user login details of the user on the remote machine. Why? More secure - SSH keys come in two flavours, DSA and RSA - the RSA keys are even more secure.

Why more convenient? Well, when working with git or logging in & out of a server frequently for any reason, you don't want to give a password every time!

After adding your public SSH key to a server, you can run a simple command on your local PC, so that you no longer need to provide your login details, until you logout (or close your terminal emulator window!).

Don't worry..

It's not that complicated - don't be fooled by long winded blogs about it (like I was).

Summary steps (details follow after):

1. Create an SSH key ( this makes 2 files, a private 'id_rsa' and a public 'id_rsa.pub' )

2. Add the public key to the file ~/.ssh/authorized_keys on the server.

3. Add your key to SSH-agent (on your local system).

4. Then, login to remote system using SSH, it will ask for your SSH key.

It's so simple to setup SSH keys, and I can boil down the heaps of stuff I had to read into a few simple commands:


Details of how to make it work:

1.: on CLIENT (your local PC), set up the RSA keys, choose a 'passphrase' for your key:

Code: Select all

ssh-keygen -t rsa
2.: Then, on the CLIENT, add your key to authorized list (stored on the server):

Code: Select all

cat ~/.ssh/id_rsa.pub | ssh -p <port> <username>@<host_ip> 'cat - >> ~/.ssh/authorized_keys'
3.: Then login to SERVER from CLIENT, via ssh, give passphrase created in step 1 when asked:

Code: Select all

ssh -p <port> user@host_ip
4.: then logout again, and on CLIENT, start ssh-agent and add your SSH key to the session:

Code: Select all

eval `ssh-agent -s`; ssh-add ~/.ssh/id_rsa
Then, re-login to server, as in step 3, give your key, logout, re-login, and finally, you should be able to login via SSH without giving the users password, or your passphrase.

Code: Select all

ssh -p <port> user@host_ip
Done.

To test further, I then created new user on my server, to try it all again, logging into a different *nix user on the server.

I added my SSH key to the new users ~/.ssh/authorized_keys file, but it wouldn't work! I had to enter the users passsword, not my SSH passphrase, each time.

I tried other users on the server... same problem..

It was a permission thing...

For any user on my server not allowing login using SSH keys, I could fix it by logging in as that user on the server using ssh, then run these commands:

Code: Select all

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
su root
chown -R user:user .ssh


..as it was my server, i could do the su root thing.

Lastly, logout and, on the CLIENT, do the following to login using your SSH key:

Code: Select all

eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa
ssh -p <port> example.com
Last edited by sc0ttman on Tue 17 Sep 2013, 21:12, edited 5 times in total.
[b][url=https://bit.ly/2KjtxoD]Pkg[/url], [url=https://bit.ly/2U6dzxV]mdsh[/url], [url=https://bit.ly/2G49OE8]Woofy[/url], [url=http://goo.gl/bzBU1]Akita[/url], [url=http://goo.gl/SO5ug]VLC-GTK[/url], [url=https://tiny.cc/c2hnfz]Search[/url][/b]

User avatar
sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

Shorter SSH commands

#11 Post by sc0ttman »

Also useful, maybe:

Here is a good post about shortening commands typed into SSH and Git, using the SSH config file: https://coderwall.com/p/vznqwq

You might want to, and sometimes might need to, create shorter or different URLs than the ones you want to SSH into.

For example, maybe the server you want to login to, is something like this:

longuser@this.domain-is-too-long.com:1234

So the ssh command is (at least):

Code: Select all

ssh -p 1234 longuser@this.domain-is-too-long.com
You don't want to type that all the time, or maybe Git is telling you the URL is malformed, cos of the custom SSH port..

So, in your ~/.ssh/config file, you can put:

Code: Select all

Host newname
  HostName this.domain-is-too-long.com
  User longuser
  Port 1234
Then, to login through ssh, you need only type:

Code: Select all

ssh newname
Another example, from the post above, with Github.com:

SSH URL:

Code: Select all

git@github.com:tfnico/guava-examples.git
So, I add an ~/.ssh/config entry like this:

Code: Select all

Host hub
HostName github.com
User git
Now the Git command is much shorter than before:

Code: Select all

git clone hub:tfnico/guava-examples
Last edited by sc0ttman on Tue 17 Sep 2013, 08:22, edited 1 time in total.
[b][url=https://bit.ly/2KjtxoD]Pkg[/url], [url=https://bit.ly/2U6dzxV]mdsh[/url], [url=https://bit.ly/2G49OE8]Woofy[/url], [url=http://goo.gl/bzBU1]Akita[/url], [url=http://goo.gl/SO5ug]VLC-GTK[/url], [url=https://tiny.cc/c2hnfz]Search[/url][/b]

User avatar
sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

#12 Post by sc0ttman »

Also, see here for stuff about X11 forwarding, and x2x, which lets you take control of the servers keyboard/mouse: http://murga-linux.com/puppy/viewtopic.php?t=88675
[b][url=https://bit.ly/2KjtxoD]Pkg[/url], [url=https://bit.ly/2U6dzxV]mdsh[/url], [url=https://bit.ly/2G49OE8]Woofy[/url], [url=http://goo.gl/bzBU1]Akita[/url], [url=http://goo.gl/SO5ug]VLC-GTK[/url], [url=https://tiny.cc/c2hnfz]Search[/url][/b]

Endre
Posts: 3
Joined: Mon 16 Sep 2013, 20:35

Thanks

#13 Post by Endre »

Great writeup, many thanks sc0ttman! I was going to look into using keys instead of passwords, and you have made it a lot easier for me. One command that hasn't worked for me was the one in Step 2:

Code: Select all

cat ~/.ssh/id_rsa.pub | scp user@host_ip 'cat - >> ~/.ssh/authorized_keys'
I had to replace it with this:

Code: Select all

cat ~/.ssh/id_rsa.pub | ssh -p <port number> <username>@<host_ip> 'cat - >> ~/.ssh/authorized_keys'
(-p port number is only required if connecting to a different port than the standard 22)
The reason is explained here, the gist being that scp does not read data from stdin.
The shortening stuff and the potential permissions problems are good to know about, too, thanks! I take it from your description that bringing in ssh-agent to avoid entering the pass phrase on every login is probably more trouble than it's worth for occasional use (e.g. for remote control). In scenarios with frequent logins that's obviously different.

User avatar
sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

Re: Thanks

#14 Post by sc0ttman »

Endre wrote:Great writeup, many thanks sc0ttman! I was going to look into using keys instead of passwords, and you have made it a lot easier for me. One command that hasn't worked for me was the one in Step 2:

Code: Select all

cat ~/.ssh/id_rsa.pub | scp user@host_ip 'cat - >> ~/.ssh/authorized_keys'
I had to replace it with this:

Code: Select all

cat ~/.ssh/id_rsa.pub | ssh -p <port number> <username>@<host_ip> 'cat - >> ~/.ssh/authorized_keys'
You're welcome.. And whoops! Yep, you're right, well spotted.. I will update the post. Thanks.

I should note also, once you added your key to the server, it won't ever need to be done again... In order to re-enable the auto login after reboot, you would only need to run step 4 again, then login over ssh..
[b][url=https://bit.ly/2KjtxoD]Pkg[/url], [url=https://bit.ly/2U6dzxV]mdsh[/url], [url=https://bit.ly/2G49OE8]Woofy[/url], [url=http://goo.gl/bzBU1]Akita[/url], [url=http://goo.gl/SO5ug]VLC-GTK[/url], [url=https://tiny.cc/c2hnfz]Search[/url][/b]

Post Reply